The Power of Images in Security Awareness

The more I work with the human issues of information security, the more I believe in the use of imagery. Images are a simple way to communicate complex messages across multiple cultures and languages. As humans, images are one of the most effective ways we remember a message (think of the saying 'a picture is worth a thousand words'). As an example, refer to the image in this blog post. This is an image we often use for communicating the concept of "You Are The Target". The goal of this message is to teach employees that they are the primary target. People often have the misconception that they have nothing of value, that cyber criminals do not target them. However, as most of us know this is far from the truth, it is often the individual that is the primary target, it is the human that is the weakest link. By associating an image with this message, you now have several advantages.

First, one of the biggest advantages is you can now use the same image across multiple forms of media such as in posters, newsletters, screensavers, training videos, or presentations. This allows you to maintain a consistent message regardless of the media used for the communication.

Also, notice how in this example the image is computer generated. I have learned that computer generated content has tremendous benefits when dealing with large, multi-cultural organizations. The challenge with content using real people is these images denote a specific culture, race, language or perhaps even religion. This causes problems when dealing with mixed nationalities. The more a employee can relate to an image, the more likely they will listen to and remember your message. The advantage with computer generated content is the images are neutral, people cannot distinguish elements such as culture, race, language or religion. This allows you to create a single message, but one you can use across your entire organization.

The more your message is based on imagery, the less translation issues you have in multi-lingual organizations. This is a bigger issue then you may think. Not only are there costs involved in translation, but also in the design of your content. For example, the Arabic language uses 30% less space then English in print, however languages such as Polish use 30% more space. Factors such as these are important for media that use a lot of text, such as newsletters The more your message uses images, the less translation issues you run into.

What are some tricks you or your organization have used to ensure a single message can be easily communicated to diverse sets of employees?

About the Author

Lance Spitzner

Director, SANS Security Awareness

Lance Spitzner has over 20 years of security experience in cyber threat research, security architecture, awareness and training. He helped pioneer the fields of deception and cyber intelligence and founded the Honeynet Project. In addition, Lance has published three security books, consulted in over 25 countries and helped over 350 organizations build programs to manage their human risk. Lance is a frequent presenter, serial tweeter ( @lspitzner ) and works on numerous community security projects. Mr. Spitzner served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois.